OK, I found a message that Sniffer identified as spam and ran it through SA manually and following are results:
[mail:/home/vmail/taisweb.net/archive_received/Maildir] 9:22am# spamassassin --siteconfigpath=/usr/local/etc/mail/spamassassin -x -t .jlee/new/1237155804.M27154P10624V0000005CI0051B175_0.mail.taisweb.net,S =3981 Return-Path: <sys...@blogsuccess.com> X-Spam-Checker-Version: SpamAssassin 3.2.1 (2007-05-02) on mail.taisweb.net X-Spam-GBUdb-Analysis: 2, 67.131.25.27, Ugly c=0 p=0 Source New X-Spam-Status: No, score=-1.8 required=5.0 tests=HABEAS_ACCREDITED_COI,SNF4SA, URIBL_GREY autolearn=disabled version=3.2.1 X-Spam-SNF-Result: 62 (Obfuscation Techniques) X-Spam-DCC: CollegeOfNewCaledonia: mail.taisweb.net 1189; Body=1 Fuz1=1 Fuz2=1 X-Spam-Level: X-Spam-MessageSniffer-Rules: 62-469556-2307-2317-m 62-469556-4261-4271-m 62-469556-0-5994-f X-Spam-MessageSniffer-Scan-Result: X-Original-To: archive_received+j...@taisweb.net Delivered-To: archive_received+j...@taisweb.net Received: from localhost (localhost.taisweb.net [127.0.0.1]) by mail.taisweb.net (Postfix) with ESMTP id D7B292B2C87 for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:23 -0400 (EDT) X-Virus-Scanned: amavisd-new at taisweb.net Received: from mx1.rmslink.net (mx1.rmslink.net [68.118.154.10]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.taisweb.net (Postfix) with ESMTP id 65A522B2C92 for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:20 -0400 (EDT) Received: from platinum-smtp.infusionsoft.com (blogsuccess.platinum-smtp.infusionsoft.com [67.131.25.27]) by mx1.rmslink.net (Postfix) with ESMTP id 1EBDC39824 for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:19 -0400 (EDT) Received: from gil (unknown [10.3.0.124]) by smtp29.infusionsoft.com (Postfix) with ESMTP id 1B41B20841874 for <j...@taisweb.net>; Sun, 15 Mar 2009 18:23:19 -0400 (EDT) Date: Sun, 15 Mar 2009 18:23:19 -0400 (EDT) From: Jack Humphrey <listrespo...@blogsuccess.com> Sender: sys...@blogsuccess.com To: j...@taisweb.net Message-ID: <1429329783.1408551237155799111.javamail.tom...@gil> Subject: J, this is BIG news! Errors-To: sys...@blogsuccess.com MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit BatchId: 27269 X-BatchId: 27269 X-campaignid: infusion_blogsuccess27269 X-InfApp: blogsuccess X-BBounce: blogsuccess_3812781 X-InfContact: 235195 X-InfSent: 3812781 Package: platinum X-inf-package: platinum X-inf-source: MailBatchFulfillRequest X-MinStatusFlags: Double Opt-In X-MaxStatusFlags: Double Opt-In X-inf-uflags: Double Opt-In X-inf-iflags: Double Opt-In X-Virus-Scanned: ClamAV 0.94.2/9110/Sun Mar 15 01:06:44 2009 on mx1.rmslink.net X-Virus-Status: Clean [SNIP.../] Content preview: J, I have some news to share with you. Some BIG news Mike Filsaime has announced that he is GIVING AWAY 5000 Home Study courses of Butterfly Marketing. [...] Content analysis details: (-1.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -8.0 HABEAS_ACCREDITED_COI RBL: Habeas Accredited Confirmed Opt-In or Better [67.131.25.27 listed in sa-accredit.habeas.com] 6.0 SNF4SA Message Sniffer 0.2 URIBL_GREY Contains an URL listed in the URIBL greylist [URIs: infusionsoft.com] So the SNF4SA plugin is correctly returning the weight when run manually through SA. I will report this to the amavisd-new list to see if anyone has any ideas. Dan Horne TAIS Director of Operations www.taisweb.net supp...@taisweb.net 828.252.TAIS (8247) > -----Original Message----- > From: Message Sniffer Community [mailto:snif...@sortmonster.com] On Behalf Of > Dan Horne > Sent: Friday, May 15, 2009 9:23 AM > To: Message Sniffer Community > Subject: [sniffer] Re: SNF4SA - Message Sniffer Antispam Plugin for > SpamAssassin > > Sorry, forgot to CC all: > > No the weight=1 issue is not yet resolved. In fact, I have been able to > determine that snf4sa is actually querying snfserver properly. I > removed the old plugin so only snf4sa is loaded by SA. I then tailed > the sniffer log and see items like this continuing to scroll by: > > <s u='20090515130114' m='/tmp/snf4sa/dL5Q6vQZ9G' s='52' r='2266218'> > <m s='52' r='2266218' i='906' e='949' f='m'/> > <p s='0' t='44' l='65536' d='56'/> > <g o='0' i='67.23.34.175' t='u' c='0.936317' p='-0.0474465' > r='Normal'/> > </s> > > Note the path to the temp file /tmp/snf4sa/.... > That tells me that everything is working properly except the returning > of the score to SA. > > I have tried running test messages through SA manually and the SNF4SA > headers get inserted properly, but I haven't yet run through a message > that sniffer identified as spam. I will attempt to get one of those and > run it through SA manually to see if SNF4SA returns the correct weight > when it identifies the spam. > > I will also join the amavisd-new list and see if anyone there can shed > some light. > > Dan Horne > TAIS > Director of Operations > www.taisweb.net > supp...@taisweb.net > 828.252.TAIS (8247) > > > > -----Original Message----- > > From: Pete McNeil [mailto:madscient...@armresearch.com] > > Sent: Thursday, May 14, 2009 6:27 PM > > To: Alban Deniz > > Cc: Dan Horne > > Subject: Re: [sniffer] Re: SNF4SA - Message Sniffer Antispam Plugin > for > > SpamAssassin > > > > Alban Deniz wrote: > > > > <snip/> > > > > 1) I'll look at the SA3 and SNF4SA plugins to see if I can > determine the > > > > reason for the timeout, and a solution. Pete mentioned that one > major > > > > difference is that SNF4SA uses a TCP connection to communicate > with > > > > SNFServer, while SA3 uses SNFClient. > > > > > > > > > The only possibility I can think of is that the snf4sa plugin > doesn't > > > wait long enough when running under amavisd-new. The timeout in > snf4sa > > > is set to 1 second, which is long enough when snf4sa is run by the > > > spamassassin command line. It might not be long enough when running > > > under amavisd-new. I don't think this is the problem. However, if > you > > > don't mind trying a longer timeout, here's how to change it: Edit > > > snf4sa.pm, changing line 72 from > > > > > > > > > $self->{SNF_Timeout} = 1; > > > > > > > > > to > > > > > > > > > $self->{SNF_Timeout} = 10; > > > > > > > > > Of course, a 10 second delay to process an email is unacceptable; > this > > > would simply point us in the right direction. Please let me know if > > > can try this. > > Hey guys... > > > > The timeout used in the SNFClient is on the order of 30 seconds--- 10 > to > > get a connection, 20 more to get an answer. When a system is busy it > can > > take a few seconds for other requests that have already started to be > > processed. The overall throughput is much higher than the individual > > message timeout may suggest. > > > > I recommend allowing at least 10 seconds -- though 30 might be more > > appropriate. > > > > Note also that I've seen SA itself take as long as 10-15 seconds to > > process a message (depending on conditions) and it is roughly nominal > to > > see it take 1 - 3 seconds per message in many configurations. SNF is > > usually much quicker -- but we can't make assumptions about what else > > may be happening on the system at any moment -- especially during > > start-up conditions where incoming messages might be queued elsewhere > > and ready to cause a rush. > > > > Also -- isn't it reasonable that if SNF4SA does timeout it should > > provide a 0 weight instead of 1 ?? > > > > Is that issues resolved? > > > > Thanks for keeping me in the loop. > > > > _M > > > > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <sniffer@sortmonster.com>. > To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> > To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> > To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> > Send administrative queries to <sniffer-requ...@sortmonster.com> ############################################################# This message is sent to you because you are subscribed to the mailing list <sniffer@sortmonster.com>. To unsubscribe, E-mail to: <sniffer-...@sortmonster.com> To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com> To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com> Send administrative queries to <sniffer-requ...@sortmonster.com>